An ongoing campaign of computer attacks on the U.S. this year has been traced to China. What are the hackers after?

Who has been hacked?Government
agencies, newspapers, utilities, and private companies—literally
hundreds of targets. The cybersecurity firm Mandiant, which has been
tracking these attacks since 2004, says data has been stolen from at
least 140 companies, mostly American, including Google, DuPont, Apple, The New York Times, and The Washington Post,
as well as think tanks, law firms, human-rights groups, and foreign
embassies. A company that provides Internet security for U.S.
intelligence was attacked; so was one that holds blueprints for the
nation’s pipelines and power grids. Hackers even stole classified
information about the development of the F-35 stealth fighter jet from
subcontractors working with the plane’s producer, Lockheed Martin.
Congressional and federal offices have reported breaches. In 2007, the
Pentagon itself was attacked—and it won’t say what was stolen.

Who’s doing it?Ten years ago, Chinese patriots working independently were behind many of the attacks. These young hackers
were outraged by the 1999 U.S. bombing of the Chinese Embassy in
Belgrade, Serbia, an accident during the Kosovo War. Using the name
Honkers, or Red Guests, they launched a series of denial-of-service
attacks on U.S. government websites. But within a few years some of
them had begun working with the Chinese government, targeting Tibetan
and Taiwanese independence groups, the religious group Falun Gong, and
anyone in the West who communicated with Chinese dissidents. In recent
years, says anti-malware specialist Joe Stewart, the number of hackers
has doubled, with 10 major hacking groups in China. “There is a
tremendous amount of manpower being thrown at this from their side,”
Stewart told Bloomberg Businessweek. China’s government now
appears to be directing the attacks. “We’ve moved from kids in their
bedroom and financially motivated crime to state-sponsored cybercrime,”
said Graham Cluley, a British security expert.

Why is China doing this?China
sees cyberwarfare as a valid form of international business and
military competition, and is pursuing what it calls “information
dominance.’’ Mandiant has traced many of the U.S. attacks to a Shanghai
office building that appears to be the home of the People’s Liberation
Army’s cyberwarfare unit. Thousands of hacks, including ones by two of
the prominent aliases, Ugly Gorilla and SuperHard, were traced
definitively to the district, and in recent years, that building has
installed super-high-tech fiber-optic cables able to handle massive data
traffic. About 2,000 people are estimated to be working in the
building. This group appears to specialize in English-language
computers, and hackers seem well versed in Western pop culture; one of
the hackers used Harry Potter references for his passwords. China has
issued a blanket denial, calling Mandiant’s claims “groundless” and
“irresponsible.”

How do the hackers get access?Mostly by the technique known as “spear phishing”.
They send an email with a link that an employee of a targeted company
then opens, activating malware programs that sweep through databases,
vacuuming up information, including emails, blueprints, and other
documents. Some phishing emails are recognized as spam by the
recipients—but the Chinese are getting better at disguising them,
sometimes using email accounts with real people’s names that are known
to the recipient, and using colloquial English, so the emails read as
plausible company business.

What does China do with the information?The
corporate secrets are worth a lot of money to Chinese business.
Blueprints of advanced plants or machinery could help many Chinese
industries, and so could data on corporate finances and policies. Energy
companies, for example, can benefit from knowing what their foreign
competitors are willing to bid for oil field sites. Chinese companies
have already been sued for allegedly stealing DuPont’s proprietary
method for making chemicals used in plastics and paints. More ominously,
some of the information could be used to disrupt U.S. industry or
infrastructure (see below). And while China is the main source of
attacks, other countries also frequently hack U.S. sites, including
Russia, North Korea, and Iran.

What is the U.S. doing to protect itself?Congress
refused to pass a comprehensive cybersecurity act last year because of
opposition from business groups, which complained that new computer
regulations would be costly and onerous. As a result, President Obama
recently issued an executive order requiring Homeland Security to
identify “critical infrastructure where a cybersecurity incident could
reasonably result in catastrophic regional or national effects on public
health or safety, economic security, or national security.” Those
companies will have to beef up their cybersecurity by installing
multiple layers of protection for the most sensitive systems. Right now,
some companies have only a single firewall, and once that is breached,
all the data is available. “The dirty little secret in these control
systems is once you get through the perimeter, they have no security at
all,” said Dale Peterson of security company Digital Bond. Hackers “can
do anything they want.”

A worst-case scenarioDerailed
trains. Air traffic control systems suddenly shut down with thousands
of planes in the air. Exploding chemical plants and gas pipelines.
Blackouts over large parts of the country, lasting weeks or even months.
These are some of the apocalyptic events cybersecurity experts
fear—hacks that could kill people and sow widespread panic. But what
might be even more damaging, the experts say, is a coordinated attack on
multiple banks in which hackers alter—not wipe—much of the financial
data stored on their computers. With balances, debts, and other data
changed, no transaction would be trustworthy. Nobody’s bank account or
mortgage statement could be deemed accurate. “It would be impossible to
roll that back,” said Dmitri Alperovitch of the computer security
company CrowdStrike. “You could wreak absolute havoc on the world’s
financial system for years.” Leon Panetta, the outgoing defense
secretary, warns that hackers are now testing the defenses of banks,
utilities, and government agencies, and figuring out how to launch a
paralyzing attack. “This is a pre-9/11 moment,” Panetta recently told
business executives in New York. “The attackers are plotting.”